KIEM Tech Spec
Shreyas Mishra edited this page May 10, 2023
·
3 revisions
This is what the flow of the code will look like:
a
Right now the program will use the k8s api twice
- Service account
- User
- Group
Users and groups are managed by the platform and can be accessed through the Kubernetes authentication system. How to get the user/group name is yet to be figured out.
AWS MAPPING to
AZURE
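// PermissionTable describes one subject and the role bindings listed for it.
// The sample output on this page is a JSON array of these entries.
type PermissionTable struct {
	// Name is the subject's name.
	Name string `json:"name"`
	// Kind is the subject type. The sample on this page uses "group";
	// presumably "user" and service accounts are the other values (TODO confirm
	// the exact strings).
	Kind string `json:"kind"`
	// Namespace is omitted from the JSON when empty.
	Namespace string `json:"namespace,omitempty"`
	// RoleBindingInfo lists the bindings that apply to the subject. The key
	// keeps its mixed-case spelling because the sample output uses it.
	RoleBindingInfo []RoleBindingInfo `json:"RoleBindingInfo"`
}

// RoleBindingInfo is one binding together with the rules of the role it
// references.
type RoleBindingInfo struct {
	// Namespace of the binding.
	// NOTE(review): there is no omitempty here, so a binding without a
	// namespace would serialize as "" - confirm how cluster-wide bindings are
	// meant to be reported.
	Namespace string `json:"namespace"`
	// RoleBindingName is the name of the binding object.
	RoleBindingName string `json:"role_binding_name"`
	// Name is the name of the bound role. The key is "role_name", matching the
	// sample output and the snake_case style of role_binding_name. With the
	// previous "rolename" tag, encoding/json would not match the sample's
	// "role_name" key and would leave Name empty without reporting an error.
	Name string `json:"role_name"`
	// Rules are the permission rules granted by the role.
	Rules []RoleRuleInfo `json:"rules"`
}

// RoleRuleInfo is a single permission rule: the verbs allowed on the listed
// resources within the listed API groups.
//
// NOTE(review): Kubernetes RBAC allows "*" in each of these lists; consumers
// of this report should treat it as "everything" rather than as a literal
// name. Confirm whether values are stored verbatim or normalized (the sample
// on this page uses the verb "add", which is not a standard RBAC verb).
type RoleRuleInfo struct {
	APIGroups []string `json:"api_groups"`
	Resources []string `json:"resources"`
	Verbs []string `json:"verbs"`
}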
[
{
"name": "something",
"kind": "group",
"namespace": "namespace",
"RoleBindingInfo": [
{
"namespace": "namespace",
"role_binding_name": "app-dev",
"role_name" : "Dev-Team",
"rules": [
{
"api_groups": [
"kubearmor.io"
],
"resources": [
"kubearmorsecuritypolicy",
"kubearmorhostpolicy"
],
"verbs": [
"list",
"update",
"add",
"delete"
]
},
{
"api_groups": [
"cilium.io"
],
"resources": [
"ciliumsecuritypolicy",
"ciliumhostpolicy"
],
"verbs": [
"get",
"list",
"add",
"delete"
]
}
]
}
]
}
]